From aacd01ea8b4eb617853938be99a8268ead8a74bf Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Fri, 8 Jul 2016 08:56:57 -0700
Subject: [PATCH] add encrypted workstation upgrade tests (current and
 previous)

Summary:
This requires us to handle decryption each time we reboot in
the upgrade process, so factor that little block out into the
base class so we don't have to keep pasting it. It's also a
bit tricky to integrate into the 'catch a boot loop' code we
have to deal with #1349721, but I think this should work. There
is a matching openqa_fedora_tools diff to generate the disk
image.

Test Plan:
Run the tests, check that they work, run the other
upgrade and encrypted install tests and check they still work
properly too.

Reviewers: garretraziel

Reviewed By: garretraziel

Subscribers: tflink

Differential Revision: https://phab.qadevel.cloud.fedoraproject.org/D922
---
 lib/fedorabase.pm                             |   9 ++++
 .../boot_enter_passphrase-20160705.json       |  15 ++++++
 .../boot_enter_passphrase-20160705.png        | Bin 0 -> 1654 bytes
 .../boot_enter_passphrase-graphical.json      |  15 ++++++
 .../boot_enter_passphrase-graphical.png       | Bin 0 -> 5835 bytes
 templates                                     |  48 ++++++++++++++++++
 tests/_graphical_wait_login.pm                |   4 +-
 tests/disk_guided_encrypted_postinstall.pm    |   9 ++--
 tests/upgrade_preinstall.pm                   |   9 ++++
 tests/upgrade_run.pm                          |  17 ++++++-
 10 files changed, 121 insertions(+), 5 deletions(-)
 create mode 100644 needles/console/boot_enter_passphrase-20160705.json
 create mode 100644 needles/console/boot_enter_passphrase-20160705.png
 create mode 100644 needles/console/boot_enter_passphrase-graphical.json
 create mode 100644 needles/console/boot_enter_passphrase-graphical.png

diff --git a/lib/fedorabase.pm b/lib/fedorabase.pm
index 029ecf30..a5a07971 100644
--- a/lib/fedorabase.pm
+++ b/lib/fedorabase.pm
@@ -224,6 +224,15 @@ sub get_host_dns {
     return @forwards;
 }
 
+sub boot_decrypt {
+    # decrypt storage during boot; arg is timeout (in seconds)
+    my $self = shift;
+    my $timeout = shift || 60;
+    assert_screen "boot_enter_passphrase", $timeout; #
+    type_string get_var("ENCRYPT_PASSWORD");
+    send_key "ret";
+}
+
 1;
 
 # vim: set sw=4 et:
diff --git a/needles/console/boot_enter_passphrase-20160705.json b/needles/console/boot_enter_passphrase-20160705.json
new file mode 100644
index 00000000..1bb61338
--- /dev/null
+++ b/needles/console/boot_enter_passphrase-20160705.json
@@ -0,0 +1,15 @@
+{
+  "area": [
+    {
+      "width": 207,
+      "xpos": 0,
+      "ypos": 169,
+      "type": "match",
+      "height": 31
+    }
+  ],
+  "tags": [
+    "boot_enter_passphrase"
+  ],
+  "properties": []
+}
\ No newline at end of file
diff --git a/needles/console/boot_enter_passphrase-20160705.png b/needles/console/boot_enter_passphrase-20160705.png
new file mode 100644
index 0000000000000000000000000000000000000000..cfa77e7362f4b2a98d957cb68f11bd8d68239228
GIT binary patch
literal 1654
zcmeAS@N?(olHy`uVBq!ia0y~yU;#3j8JL)X)bT5S=K(3s0G|+7AYD;W@&EsS=GJ7O
z9Gixxi(^Q|t+&^G`=m8R7!pFf{S3WBzMri1iu)yUVztonIo}VIEx&9#EAohE|EH^q
zq=Wy|9XPD_wEjoU?@oV4pm9SV{CLT*IRCFR|MBB~uRp$AzT(dF`(K}5ye6so?T?LD
z?G;J)m(|aXTs|$?X&4=8sl8G5anJPXJ-5OhPPAOQWjf=QFgu2v`3!r`XP>tcPB8uG
zGv%$+(`uewdB^|dD6GhS=CeF(`)Nb(>+Y8)t_akQbJMzY_E4bOZOzB48UK7`3$SC{
zv4^q8yx|wa3dRY#-^zWLUlTO4XPCko5YI8edhMIN^NJVW`z80gc=xdlw|35*xcR$B
zjB>jDE6eg6?XPQgZZn-`TJ&p9&Dx1Gtp96NGq}u*xH4(0nuB-KoV?c;-<93bWztNa
zcX=PH!-k%vqP%_$EB;wE*sd(r*}HXD+s&jaw+oNCyo%X)qh)K}_A@hADvK{kJ!ivR
z%Ui>E=h~s~9&gg8%w&Flv&i9F-0d%?k0kr$`jxv)D%|;G-HXDeV}em@-?_W>t@w9H
zVghr&NAZ?T{W3?GPFz%TSeLi%yH#&>-f5oL+_?|uc=ddba5rIe6YG<Fdiq98Hv5;_
zBTxG5&dsV*7Sio^D5*U5D(z;5rPG7dl;pjBUw?$>2Wp?*E2VHeVDtPtdxR6_K9g|j
zu~+)V)bTP+M!URW=c}D%&%ZNNI__bQNX(IaUA5kfaZ|U?lU?VlpG4U1XFM|PMe)yi
zMu(UG84BVjvj*H!XW039zI#I6v;Qm;tY5@4Y-4w*j1@S;w|&Y#J+_$FQS+i+8?)&&
zRP$7@8+6+=C!8x|TyscxK^@DE_~!3Nauhb&vwAd#Gafm4`as>c=eh#fleRn5b<C(g
zEg-u-$$VaF{`csFC%O}o??s2*FZwfaN9;9Sf%S_HmZtX1+nRRzcIA4x&g?5vkzcI#
zzkPF3EPj64gvhz;_PI@P`TDJTAJ=vMPWw084_s%Gc>Lok!|#vDkNBBC6iW>KoJE`u
rK1d$eZvSU^lqJOZc!;Tr|MXMZ*p>51<ir+ZkkdU~{an^LB{Ts5Upk8U

literal 0
HcmV?d00001

diff --git a/needles/console/boot_enter_passphrase-graphical.json b/needles/console/boot_enter_passphrase-graphical.json
new file mode 100644
index 00000000..b676e2a9
--- /dev/null
+++ b/needles/console/boot_enter_passphrase-graphical.json
@@ -0,0 +1,15 @@
+{
+  "area": [
+    {
+      "xpos": 395,
+      "ypos": 362,
+      "width": 33,
+      "height": 40,
+      "type": "match"
+    }
+  ],
+  "properties": [],
+  "tags": [
+    "boot_enter_passphrase"
+  ]
+}
\ No newline at end of file
diff --git a/needles/console/boot_enter_passphrase-graphical.png b/needles/console/boot_enter_passphrase-graphical.png
new file mode 100644
index 0000000000000000000000000000000000000000..e7d66b3d39bd7ade8a4d32ea7176402ea631884f
GIT binary patch
literal 5835
zcmeHLX;f3!7QSJ20IWqpK){L*2POpp5t7trMP?O?OcFo^L1Y#XAqhSLT7+0AqGgh2
zskO`?L}f@YAeJd8G8-aem?4q?fei0lyV|w-lrCB8xt2fPkF&VB`|Q2H{eAlkm+QxD
z%%s;Uu7w~-+WhF@6A&Z@9z`K35%6b!*HtG7+MHy5`0JD5JyY~%f9G@6l)&El#Izqr
z2<kcP9nxA?ANxdmr+g><Ym7sUPb}xOOJL5OO~U5Mf|#y_U-#4|iF@olg^0)zsroki
zc-zZeiS&O2&Us`RRon6&+AIEO<=UkFMHVq;Zwu?|h?9oo!l*>sP+wn7Q3&E8hcpoo
zBn5Dw!GK^u8^FMW@eZUK`~YVBbqWk$4UG3KA9nu8uzxzgm+()^2Q%YgC?B-^O+lX-
zCNx~bDln<R^FJ|9XgJ3w#Ps*7emL{zhUrr;9XS4KdHU3tR?!l803SlQt$`pk{Im*B
zHF*9i8vJu3=`#^7RKtG_o^dj_y+o==tJ}BZE1-ey0(EA3_?{S`SNSK_aP9RknJpPg
zii*2aEIP!>&ttLGPWf0Ne*q=r1&8nQhVD+3oH=vG9x=Ma#`QlX=<;dJ&FvE$&r)wk
zxA-LWU7O>hqN1`91*a=+u?|439I}^$ghZZ5D}77|Vh;`u4hJ2uwyPJZ3B?@lC+MM2
zxFz<OMb6tr)){FiB-I}w@?>V9F21z1^a!rYTB51BnQ*gQ4i7;xlsEf~jBfw@AO}xB
zudmpjqy7^D0ZmT4K=qA{jX63x7ONF0^?xJhYBAyJ^4I42VCPV<NhC2!O<7S<t54ZD
zC&IHiC8?y__mS4-`2LoDYFz$CaL&D<Shj_DdXBuzvGk&4ng)+FjgF3fzujzr=u_77
z>eZ{MUJ`C;?EdxZ*H1i97lr#;(m{d6xXjFuMJ}pY37b8G0|NuGSgfC)wm{!JDVW)k
zKqST;%tj!Eyt%^arC*aJAvI83Qg?SZ5xF$VUtsu`Ii*<SxM=I>=)~1i`TExD2v28c
zXU7?ST;7X&X0-GJbF6w*^3r&2R^(fA9FE*B3X7*+=A>mKbnhU898FD4sTl0#g=u;(
z$zQ{KBgxw!&3zhmY5di2V=7hRzHOFFZ(Kc!&$i1Fh0k}H8@g;EE1xvL7Sh8QrV;GX
z@%G$ypR$v?6K>qdn}`AR9TQi@F1kO$33%MuJYiMnl+dqFQ*N#OMm$3gBf3^u0Vsy!
zPGFq#JBTR3Vxtb(<#EtCEEZ`cq|uE`RIrNWYn)@JsHIPXsVbV=A#yMh0m;PbTQi~-
z=m8q**>-kzm`GOL%a<pZMOn<XDCyo9Eyk6Zs+yXbL)jbVXQxOEKlU~XPEb$I5|U8L
zTZ}!+#=fht3&TDN9BfDtzH5@M^1i;l;^Ja~Kmah`xpT*isB#g>4^ve0-BO;Fo?aO;
zcA|@#pkz2;P9=x(hQ^%qFndnr8PK_#u8a~`>-^Wi8cwzXo>fs;<>?sj>KEsIS?2{s
z=en>VA^IkUlkUk{w#2Hp#4(@Btg_dWHn~yOPiktuutZ2f_zVX}$1xY$L|;{fGb+^(
z<RmUoRi0uEx{Z1>d8N;Aq51r{ooSZ5OmQ)Yk~kEUi*cHr?WeZzx1z$5C7yeVL-Y#}
zE(z#a)abaoZ(0-Tn06l&#y^%ufNsP`xlQdNKXxg}XBN<rlN#1-%^KzDj}x>v;rD|(
z4<*s;!Q_w8SdA=*7lER6m(1;o{w?9O4_6F6H7Yj5E)ocY>gsCHYU<stPz(?waqGd&
z^F^0UOb%E*H-jdz0-9%tI_Sqx4>z|rId=D3(oMJn@jA%x*}G)2&=$8eSB@0B=EaX?
z#+tfRM{?(@uE?sI+|JDG+X*!ZCtb^fMS*wu@X&9`@;W@$a4L~_<3=U>rRAOWToJ?a
zvN!^vu7%HHu~IQedu?0Xe7Bd9INBhsbTT9x(If<|*cF|Uk}}6+{9>P*VI~kP2)8II
zS|q7w(KIe{%frdXo_p!#yWCV~W!2O~&z6o^Tyl5cW)c-1{*zPGqng^0FQF$6&@H&$
z-cyC0X%`zC8*K$64a_$Ei>B>&=!1OSw;GQpga7&O(%~Z*G4{{}bg+cs?}@i39NFG9
z4YntJbjebzV7!~s|NWut*0#+|fv<D8$q$F5@b}N%Y<_4@PS}y!eCz(6>>c~2&U|Me
z17$(*8lL|esuV0uR8>{6w1l0mSG1}#$n#S|8_^hbqmz@4ri)&j+jn{6OvDt9!;y`N
zky2`+(ZY~c4jLpvJOKe}U%V))wtiYx#Y90_`3CXz<6w;&0&ZmWv7LDp(x}s}eg$$p
zX3P4g7<~U>`=I<3t340eeJm|4`}<Ekc*xa&MDPW(^-`epgT;>?DU5J#A_6064~Zj%
zofCB)dn=A4sqeX%-_bB~uxU6b<23&XXc-ZhsVjNizBabDaT3qVv@|tq2e0-FV)wML
z-O~b45@<ipbD=a1F*-BD2=KT-^ld@BTOol^C3hqZgtg&;f&qw(LTEfvWP?A|Gv|bN
zaxi4<C1aukm2AN<Y&sW{#X$3Jb#!&jOiz#OC&&-rY^<&KD<(WG-8WSz+5C{U9{V;S
zODSDcci+AeR^`YBHMpITQuwk?MAwiOFaP<lL1pVq@&x?p0W2yOZ4Xa8(A3rrZ9!a{
zVUY^w(`r?&`SaqA{?e%z&piwBC#s^V1EJa%nBTRrQJBzit#sHaH*lT2eLIl)4E+Ga
zjYRgT7>Asn3x*81VsE@99D?BJedcZKk>)h_5~7d`7H9a5HyIhCy2i#n<_N&n@~JQy
z;%HKBk_fDM;gNgC^X=p7JebP(a0OaR3&QBieBKUmG}uKj?s>T7DH1i0;cGzsfebX!
zS>`BZfKM$E$W155JA%K&3BQK>nIDZ-7zm4$p|rN%+%b%KRp9OO1)l$`*NuYQ#CSuz
z7b%4gmqEWunSg5J*A~*-`4x7A$m*L5EmEh0y?h$Jf|e5)!4yG;pi`WJ%2+0ahx+qM
zghkY2A}nmB7K2RcI-0Q!P2vR!na(6XM@fLq*L#VG;i^7kdlVb#>TZx_&5Z3biO{#p
zZGT$pTB!4FZpvab`o4V6ebJ!-E7i=Pq37SbXs@AxO97Qi?Z<}CK1)zCH8t(OzD;4k
zu`Y0#%<t6LtO{>ihKLPHYOif<Y+S1%%3KRm8;5nP3p2ZxPd>uzlrxrnRvOc$Kc%cG
zH&Ylj)Kz>2G|yh8rvmD0#)0In26*$BM>C7kU9{zYp7SVn0C>(~cBc%GAT2Gey6smz
zww=XZI)^X2B1JNHK1vAaJ+D7dgE~IHt5F6I_Krqq)QTC{N@LFLp^b~7y_RIdjPFH8
z`n@)vcD$e}4}ZDh`7fc27bb~|te7_)rN*eKvy`5>h*DaE34iU~OT7*Oa0g($@ht(W
zL@B3=W)$D`?j<U}hbEb)3+sld$JcCyLTLmF1TTb@ud&K#PK2pzfP7c6uR%p+rSDe2
zjxwaDr$;zcV@&ari?6fD@qk}WVlo=p*tupyKA&IEv##Rueh!Bd#piUw_n3;*_3PI=
zh~KUFSL5r~F4@Pzhf_}3_c-O>Iv1TU@UTe&$6a=IHaMF5JMx_a+42zD5NAhBNN^Ot
z>pYOB>Q7Wf37#qWua}ioMMictP&R`VesXupL}wv`j3etUt%Hk@yoab<kUhxbRC-Pu
z@<r(>Br$ZSWUB6hlB3%K!fi=X3<|iZNSPF&H^A3$<=ZuN$I))n;I-Qi2xvZb0?>d5
z15gLSJK@LN)zR=Y5ir1#`WR<5Fb(AXuYW$Q?7XrC4M%z}^J>47;P`5Aq|XS`D(HU)
zTZFRlqqxVzb^Z|?4gYwLJ~jC52dP-uf`@(n2>Yk=|AhmrpkZoOCV6Gc%5A)|MGa2&
zo_6mEgNCQAoOxx-hcmyI@FRr(%rN0$Mpl6d4bT6?JmKLS|65FMsRC7bc~ol2De*7i
O=;q(p94<KIcJ)68+{g<6

literal 0
HcmV?d00001

diff --git a/templates b/templates
index d8154fce..2fa6ecab 100755
--- a/templates
+++ b/templates
@@ -809,6 +809,17 @@
                                     },
                       test_suite => { name => "upgrade_kde_64bit" },
                     },
+                    {
+                      machine    => { name => "64bit" },
+                      prio       => 30,
+                      product    => {
+                                      arch    => "x86_64",
+                                      distri  => "fedora",
+                                      flavor  => "universal",
+                                      version => "*",
+                                    },
+                      test_suite => { name => "upgrade_desktop_encrypted_64bit" },
+                    },
                     {
                       machine    => { name => "64bit" },
                       prio       => 50,
@@ -853,6 +864,17 @@
                                     },
                       test_suite => { name => "upgrade_2_kde_64bit" },
                     },
+                    {
+                      machine    => { name => "64bit" },
+                      prio       => 50,
+                      product    => {
+                                      arch    => "x86_64",
+                                      distri  => "fedora",
+                                      flavor  => "universal",
+                                      version => "*",
+                                    },
+                      test_suite => { name => "upgrade_2_desktop_encrypted_64bit" },
+                    },
                     {
                       machine    => { name => "64bit" },
                       prio       => 40,
@@ -1577,6 +1599,19 @@
                         { key => "DESKTOP", value => "kde" },
                       ],
                     },
+                    {
+                      name => "upgrade_desktop_encrypted_64bit",
+                      settings => [
+                        { key => "ROOT_PASSWORD", value => "weakpassword" },
+                        { key => "USER_LOGIN", value => "test" },
+                        { key => "USER_PASSWORD", value => "weakpassword" },
+                        { key => "BOOTFROM", value => "c" },
+                        { key => "HDD_1", value => "disk_f%CURRREL%_desktopencrypt_x86_64.img" },
+                        { key => "UPGRADE", value => "1" },
+                        { key => "DESKTOP", value => "gnome" },
+                        { key => "ENCRYPT_PASSWORD", value => "weakpassword" },
+                      ],
+                    },
                     {
                       name => "upgrade_2_minimal_64bit",
                       settings => [
@@ -1623,6 +1658,19 @@
                         { key => "DESKTOP", value => "kde" },
                       ],
                     },
+                    {
+                      name => "upgrade_2_desktop_encrypted_64bit",
+                      settings => [
+                        { key => "ROOT_PASSWORD", value => "weakpassword" },
+                        { key => "USER_LOGIN", value => "test" },
+                        { key => "USER_PASSWORD", value => "weakpassword" },
+                        { key => "BOOTFROM", value => "c" },
+                        { key => "HDD_1", value => "disk_f%PREVREL%_desktopencrypt_x86_64.img" },
+                        { key => "UPGRADE", value => "1" },
+                        { key => "DESKTOP", value => "gnome" },
+                        { key => "ENCRYPT_PASSWORD", value => "weakpassword" },
+                      ],
+                    },
                     {
                       name => "upgrade_desktop_32bit",
                       settings => [
diff --git a/tests/_graphical_wait_login.pm b/tests/_graphical_wait_login.pm
index d94ac133..fab943e8 100644
--- a/tests/_graphical_wait_login.pm
+++ b/tests/_graphical_wait_login.pm
@@ -5,9 +5,11 @@ use testapi;
 sub run {
     # If KICKSTART is set, then the wait_time needs to consider the
     # install time. if UPGRADE, we have to wait for the entire upgrade
+    # unless ENCRYPT_PASSWORD is set (in which case the postinstall
+    # test does the waiting)
     my $wait_time = 300;
     $wait_time = 1800 if (get_var("KICKSTART"));
-    $wait_time = 6000 if (get_var("UPGRADE"));
+    $wait_time = 6000 if (get_var("UPGRADE") && !get_var("ENCRYPT_PASSWORD"));
 
     # Wait for the login screen
     assert_screen "graphical_login", $wait_time;
diff --git a/tests/disk_guided_encrypted_postinstall.pm b/tests/disk_guided_encrypted_postinstall.pm
index 29a76274..0c8cc70b 100644
--- a/tests/disk_guided_encrypted_postinstall.pm
+++ b/tests/disk_guided_encrypted_postinstall.pm
@@ -3,10 +3,13 @@ use strict;
 use testapi;
 
 sub run {
+    my $self = shift;
+    my $wait_time = 300;
+    # if we're running an upgrade, we must wait for the entire upgrade
+    # process to run
+    $wait_time = 6000 if (get_var("UPGRADE"));
     # decrypt disks during boot
-    assert_screen "boot_enter_passphrase", 300; #
-    type_string get_var("ENCRYPT_PASSWORD");
-    send_key "ret";
+    $self->boot_decrypt($wait_time);
 }
 
 sub test_flags {
diff --git a/tests/upgrade_preinstall.pm b/tests/upgrade_preinstall.pm
index a86926e9..91936753 100644
--- a/tests/upgrade_preinstall.pm
+++ b/tests/upgrade_preinstall.pm
@@ -4,6 +4,10 @@ use testapi;
 
 sub run {
     my $self = shift;
+    # decrypt disks during boot if necessary
+    if (get_var("ENCRYPT_PASSWORD")) {
+        $self->boot_decrypt(60);
+    }
 
     # wait for either graphical or text login
     if (get_var('DESKTOP')) {
@@ -22,6 +26,11 @@ sub run {
 
     script_run "reboot";
 
+    # decrypt if necessary
+    if (get_var("ENCRYPT_PASSWORD")) {
+        $self->boot_decrypt(60);
+    }
+
     if (get_var('DESKTOP')) {
         $self->boot_to_login_screen("graphical_login", 30, 90); # DM takes time to load
     } else {
diff --git a/tests/upgrade_run.pm b/tests/upgrade_run.pm
index 7ac0b3cf..62a2bc9d 100644
--- a/tests/upgrade_run.pm
+++ b/tests/upgrade_run.pm
@@ -23,16 +23,31 @@ sub run {
 
     script_run "dnf system-upgrade reboot";
     # fail immediately if we see a DNF error message
-    die "DNF reported failure" if (check_screen "upgrade_fail");
+    die "DNF reported failure" if (check_screen "upgrade_fail", 15);
+    if (get_var("ENCRYPT_PASSWORD")) {
+        $self->boot_decrypt(60);
+    }
     # try and catch if we hit RHBZ #1349721 and work around it
     if (check_screen "bootloader") {
         # wait some secs for the screen to clear
         sleep 10;
+        if (get_var("ENCRYPT_PASSWORD")) {
+            $self->boot_decrypt(60);
+        }
         if (check_screen "bootloader") {
             record_soft_failure;
             $self->do_bootloader(postinstall=>1, params=>"enforcing=0");
+            if (get_var("ENCRYPT_PASSWORD")) {
+                $self->boot_decrypt(60);
+            }
         }
     }
+    # in encrypted case we need to wait a bit so postinstall test
+    # doesn't bogus match on the encryption prompt we just completed
+    # before it disappears from view
+    if (get_var("ENCRYPT_PASSWORD")) {
+        sleep 5;
+    }
 }